ru update (just copied a large portion of english text)
yGREK Heretix

yGREK Heretix commited on 2008-03-10 17:43:33
Zeige 1 geänderte Dateien mit 367 Einfügungen und 21 Löschungen.

... ...
@@ -1,5 +1,5 @@
1 1
 ## translation metadata
2
-# Based-On-Revision: 13843
2
+# Based-On-Revision: 13933
3 3
 # Last-Translator: ygrekheretix/gmail/com
4 4
 
5 5
 #include "head.wmi" TITLE="Tor: Добровольцы" CHARSET="UTF-8"
... ...
@@ -85,6 +85,372 @@ Tor, <a href="http://vidalia-project.net/">Vidalia</a>.</li>
85 85
 </ol>
86 86
 
87 87
 <a id="Coding"></a>
88
+<a id="Summer"></a>
89
+<a id="Projects"></a>
90
+<h2><a class="anchor" href="#Projects">Good Coding Projects</a></h2>
91
+<ol>
92
+
93
+<li>
94
+Tor/Polipo/Vidalia Auto-Update Framework
95
+<br />
96
+Vidalia already has the ability to notice when the user is running an
97
+outdated or unrecommended version of Tor. Currently, Vidalia simply pops
98
+up a little message box that lets the user know they should manually
99
+upgrade. The goal of this project would be to extend Vidalia with the
100
+ability to also fetch and install the updated Tor software for the
101
+user. Time permitting, we would also like to be able to update other
102
+applications included in the bundled installers, such as Polipo and
103
+Vidalia itself.
104
+<br />
105
+To complete this project, the student will first need to first investigate
106
+the existing auto-update frameworks (e.g., Sparkle on OS X) to evaluate
107
+their strengths, weaknesses, security properties, and ability to be
108
+integrated into Vidalia. If none are found to be suitable, the student
109
+will design their own auto-update framework, document the design, and
110
+then discuss the design with other developers to assess any security
111
+issues. The student will then implement their framework (or integrate
112
+an existing one) and test it.
113
+<br />
114
+A student undertaking this project should have good C++ development
115
+experience. Previous experience with Qt is helpful, but not required. The
116
+student should also have a basic understanding of common security
117
+practices, such as package signature verification. Good writing ability
118
+is also important for this project, since a vital step of the project
119
+will be producing a design document for others to review and discuss
120
+with the student prior to implementation.
121
+</li>
122
+
123
+<li>
124
+An Improved and More Usable Network Map
125
+<br />
126
+One of Vidalia's existing features is a network map that shows the user
127
+the approximate geographic location of relays in the Tor network and
128
+plots the paths the user's traffic takes as it is tunneled through the
129
+Tor network. The map is currently not very interactive and has rather
130
+poor graphics. Instead, we would like to leverage KDE's Marble widget
131
+that gives us a better quality map and enables improved interactivity,
132
+such as allowing the user to click on individual relays or circuits to
133
+display additional information. We might also consider adding the ability
134
+for users to click on a particular relay or a country containing one or
135
+more Tor exit relays and say, ``I want my connections to foo.com to exit
136
+from here.''
137
+<br />
138
+This project will first involve the student getting familiar with Vidalia
139
+and the Marble widget's API. The student will then integrate the widget
140
+into Vidalia and customize Marble to be better suited for our application,
141
+such as making circuits clickable, storing cached map data in Vidalia's
142
+own data directory, and customizing some of the widget's dialogs.
143
+<br />
144
+A student undertaking this project should have good C++ development
145
+experience. Previous experience with Qt and CMake is helpful, but not
146
+required.
147
+</li>
148
+
149
+<li>
150
+Better Debian Support &amp; Packaging
151
+<br />
152
+Vidalia currently doesn't play nicely on Debian and Ubuntu with the
153
+default Tor packages. The current Tor packages automatically start Tor
154
+as a daemon running as the debian-tor user and (sensibly) do not have a
155
+CntrolPort defined in the default torrc. Consequently, Vidalia will try
156
+to start its own Tor process since it could not connect to the existing
157
+Tor, and then Vidalia's Tor process will then exit with an error message
158
+the user likely doesn't understand since Tor cannot bind its listening
159
+ports--they're already in use by the original Tor daemon.
160
+<br />
161
+The current solution involves either telling the user to stop the
162
+existing Tor daemon and let Vidalia start its own Tor process, or
163
+explaining to the user how to set a control port and password in their
164
+torrc. A better solution on Debian would be to use Tor's ControlSocket,
165
+which allows Vidalia to talk to Tor via a Unix domain socket, and could
166
+possibly be enabled by default in Tor's Debian packages. Vidalia can
167
+then authenticate to Tor using cookie authentication if the user running
168
+Vidalia is also in the debian-tor group.
169
+<br />
170
+This project will first involve adding support for Tor's ControlSocket
171
+to Vidalia. The student will then develop and test Debian and Ubuntu
172
+packages for Vidalia that conform to Debian's packaging standards and
173
+making sure it works well with the existing Tor packages. We can also
174
+set up an apt repository to host the new Vidalia packages.
175
+<br />
176
+A student undertaking this project should have prior knowledge of
177
+Debian package management and some C++ development experience. Previous
178
+experience with Qt is helpful, but not required.
179
+</li>
180
+
181
+<li>
182
+Tor Status Event Interface
183
+<br />
184
+There may are a number of status changes of which the user may need
185
+to be informed. For example, if the user is trying to set up a Tor
186
+relay and Tor decides the user's relay is not reachable from outside
187
+the user's network, we should alert the user. Currently, all the user
188
+gets is a couple log messages in Vidalia's 'message log', which they
189
+likely never see since they don't receive a notification that something
190
+has gone wrong. Even if the user does actually look at the message log,
191
+most of the messages make little sense to the novice user.
192
+<br />
193
+Tor has the ability to inform Vidalia of many such status changes, and
194
+we recently implemented support for a couple of these events. Still,
195
+there are many more status events the user should be informed of and we
196
+need a better UI for actually displaying them to the user.
197
+<br />
198
+The goal of this project then is to design and implement a UI for
199
+displaying Tor status events to the user. For example, we might put a
200
+little badge on Vidalia's tray icon that alerts the user to new status
201
+events they should look at. Double-clicking the icon could bring up a
202
+dialog that summarizes recent status events in simple terms and maybe
203
+suggests a remedy for any negative statuses if they can be corrected by
204
+the user. Of course, this is just an example and the student is free to
205
+suggest another approach.
206
+<br />
207
+A student undertaking this project should have good UI design and layout
208
+experience and some C++ development experience. Previous experience
209
+with Qt and Qt's Designer will be very helpful, but not required. Some
210
+English writing ability will also be useful, since this project will
211
+likely involve writing small amounts of help documentation that should
212
+be understandable by non-technical users. Bonus points for some graphic
213
+design/Photoshop fu, since we might want/need some shiny new icons too.
214
+</li>
215
+
216
+<li>
217
+A translation wiki
218
+<br />
219
+We require a way to edit and translate sections of the website &mdash;
220
+possibly resulting in a patch for the official svn tree. The current
221
+"cost" of publication of website changes is quite high even for English
222
+language users. They need to check out our template files, translate them
223
+and send us the translation. For a single word change or any type of
224
+minor change, the page may never be corrected or translated.  It would
225
+be nice to have a wiki that was specifically geared towards translation
226
+and would somehow track the upstream (English) versions to indicate when
227
+a fresh translation is needed. This seems mostly like a job for a wiki
228
+integrator or wiki software author. Certainly the person would need to
229
+be interested in human languages and translation. They should at least
230
+be minimally familiar with what Tor is but would not have to interact
231
+with the software, only the documentation on the website.
232
+</li>
233
+
234
+<li>
235
+https://check.torproject.org
236
+<br />
237
+We currently have a functional web page to detect if Tor is working. It
238
+is has a few places where it falls short. It requires improvements with
239
+regard to default languages and functionality. It currently only responds
240
+in English. In addition, it is a hack of a perl script that should have
241
+never seen the light of day. It should probably be rewritten in python
242
+with multi-lingual support in mind. It currently uses the Tor DNS exit
243
+list and should continue to do so in the future. It may result in certain
244
+false positives and these should be discovered, documented, and fixed
245
+where possible. Anyone working on this project should be interested in
246
+DNS, basic perl or preferably python programming skills and will have
247
+to interact minimally with Tor to test their code.
248
+</li>
249
+
250
+<li>
251
+exitlist.torproject.org
252
+<br />
253
+The exitlist software is written by our fabulous anonymous
254
+contributer Tup. It's a haskel DNS server that supports part of our <a
255
+href="https://www.torproject.org/svn/trunk/doc/contrib/torel-design.txt">exitlist
256
+design document</a>. Currently, it's functional and it is used by
257
+check.torproject.org and other users. The issues that are outstanding
258
+are mostly aesthetic. This wonderful service could use a much better
259
+website using the common Tor theme. It would be best served with better
260
+documentation for common services that use an RBL. It could use more
261
+publicity. A person working on this project should be interested in DNS,
262
+basic RBL configuration for popular services, and writing documentation.
263
+The person would require minimal Tor interaction &mdash; testing their
264
+own documentation at the very least. Furthermore, it would be useful
265
+if they were interested in haskel and wanted to implement more of the
266
+torel-design.txt suggestions.
267
+</li>
268
+
269
+<li>
270
+Testing Tor for end users
271
+<br />
272
+The Tor project currently lacks a solid test to ensure that a
273
+user has a properly configured web browser. It should test for as
274
+many known issues as possible. It should attempt to decloak the
275
+user in any way possible.  Two current webpages that track these
276
+kinds of issues are run by Greg and HD Moore. Greg keeps a nice <a
277
+href="http://pseudo-flaw.net/tor/torbutton/">list of issues along
278
+with their proof of concept code, bug issues, etc</a>. HD Moore runs
279
+the <a href="http://metasploit.com/research/misc/decloak/">metasploit
280
+decloak website</a>. A person interested in attacking Tor could start
281
+by collecting as many workable and known methods for decloaking a
282
+Tor user. The person should be familiar with the common pitfalls but
283
+possibly have new methods in mind for implementing decloaking issues. The
284
+website should ensure that it tells a user what their problem is. It
285
+should help them to fix the problem or direct them to the proper support
286
+channels. The person should be closely familiar with using Tor and how
287
+to prevent Tor leakage.
288
+</li>
289
+
290
+<li>
291
+Tor needs even better censorship resistance mechanisms.  There are
292
+several mechanisms that can help.  Tor should be able listen on multiple
293
+addresses and ports, and allow clients to connect to all of them.
294
+Tor should be able to appear like a webserver (HTTP or HTTPS) when
295
+contacted by port-scanning tools.
296
+</li>
297
+
298
+<li>
299
+Tor should make better use of the more recent features of Niels Provos's
300
+Libevent library.  Libevent already provides HTTP and socket buffers;
301
+Tor's code for those could be replaced.  We'll need to improve libevent's
302
+code as needed; particularly, to add good openssl support on top of
303
+libevent's buffer abstraction.
304
+</li>
305
+
306
+<li>
307
+Tor should possibly measure bandwidth in a distributed way, as in the
308
+<a href="http://freehaven.net/anonbib/">"A Tuneup for Tor"</a> paper
309
+by Snader and Borisov.  A student could use current testing code to
310
+double-check this paper's findings and verify the extent to which they
311
+dovetail with Tor in the wild, and determine good ways to incorporate them
312
+into the Tor network without adding undesirable n^2 traffic properties
313
+at the directory authorities.
314
+</li>
315
+
316
+<li>
317
+It would be useful to have automated build processes for Windows and
318
+probably other platforms. The purpose of having a continuous integration
319
+build environment is to ensure that Windows isn't left behind for any of
320
+the software projects used in the Tor project or its accompanying.<br />
321
+Buildbot may be a good choice for this as it appears to support all of
322
+the platforms Tor does. See the 
323
+<a href="http://en.wikipedia.org/wiki/BuildBot">wikipedia entry for 
324
+buildbot</a>.<br />
325
+There may be better options and the person undertaking this task should
326
+evaluate other options. Any person working on this automatic build
327
+process should have experience or be willing to learn how to build all
328
+of the respective Tor related code bases from scratch. Furthermore, the
329
+person should have some experience building software in Windows
330
+environments as this is the target audience we want to ensure we do not
331
+leave behind. It would require close work with the Tor source code but
332
+probably only in the form of building, not authoring.
333
+</li>
334
+
335
+<li>
336
+Tor needs to be far more tested.  This is a multi-part effort.  To start
337
+with, our unit test coverage should rise substantially, especially in
338
+the areas outside the utility functions.  This will require significant
339
+refactoring of some parts of Tor, in order to dissociate as much logic
340
+as possible from globals.<br />
341
+Additionally, we need to automate our performance testing.  We've got
342
+buildbot (except on Windows &mdash; see above) to automate our regular 
343
+integration and compile testing already,
344
+but we need to get our network simulation tests (as built in torflow)
345
+updated for more recent versions of Tor, and designed to launch a test
346
+network either on a single machine, or across several, so we can test
347
+changes in performance on machines in different roles automatically.<br />
348
+</li>
349
+
350
+<li>
351
+Reanimate one of the approaches to implement a Tor client in Java,
352
+e.g. the <a href="http://onioncoffee.sourceforge.net/">OnionCoffee
353
+project</a>, and make it run on <a
354
+href="http://code.google.com/android/">Android</a>. The first step
355
+would be to port the existing code and execute it in an Android
356
+environment. Next, the code should be updated to support the newer Tor
357
+protocol versions like the <a href="<svnsandbox>doc/spec/dir-spec.txt">v3
358
+directory protocol</a>. Further, support for requesting or even
359
+providing Tor hidden services would be neat, but not required. The
360
+student should be able to understand and write new Java code, including
361
+a Java cryptography API. Being able to read C code would be helping,
362
+too. The student should be willing to read the existing documentation,
363
+implement code based on it, and, if required, refine the documentation
364
+if things are underdocumented. This project is mostly about coding and
365
+to a small degree about design.
366
+</li>
367
+
368
+<li>
369
+Write a tool that runs automatic system tests in addition
370
+to the existing unit tests. The Java-based Tor simulator <a
371
+href="https://tor-svn.freehaven.net/svn/puppetor/trunk/">PuppeTor</a>
372
+might be a good start for starting up a private Tor network, using it
373
+for a while, and verifying that at least parts of it are working. This
374
+project requires to conceive a blueprint for performing system tests
375
+of private Tor networks, before starting to code. Typical types of
376
+tests range from performing single requests over the private network to
377
+manipulating exchanged messages and see if nodes handle corrupt messages
378
+appropriately. The student should be able to obtain a good understanding
379
+of how Tor works and what problems and bugs could arise to design good
380
+test cases. Understanding the existing Tor code and documentation is
381
+vital. If PuppeTor is used, the student should also be able to understand
382
+and possibly extend an existing Java application. This project is partly
383
+about design and partly about coding.
384
+</li>
385
+
386
+<li>
387
+Implement a <a href="http://www.ss64.com/bash/top.html">top-like</a>
388
+management tool for Tor relays. The purpose of such a tool would be
389
+to monitor a local Tor relay via its control port and include useful
390
+system information of the underlying machine. When running this tool, it
391
+would dynamically update its content like top does for Linux processes.
392
+<a href="http://archives.seul.org/or/dev/Jan-2008/msg00005.html">This
393
+or-dev post</a> might be a good first read. The student should be familiar
394
+with or willing to learn about administering a Tor relay and configuring
395
+it via its control port. As an initial prototype is written in Python,
396
+some knowledge about writing Python code would be helpful, too. This
397
+project is for the one part about identifying requirements to such a
398
+tool and designing its interface; but on the other part, the project
399
+also requires a lot of coding.
400
+</li>
401
+
402
+<li>Help Mike Perry on his <a
403
+href="https://www.torproject.org/svn/torflow/">TorFlow</a>
404
+library (<a href="https://www.torproject.org/svn/torflow/TODO">TODO</a>):
405
+it's a python library that uses the <a
406
+href="https://www.torproject.org/svn/torctl/doc/howto.txt">Tor controller
407
+protocol</a> to instruct Tor to build circuits in a variety of ways,
408
+and then it measures performance and tries to detect anomalies.</li>
409
+<li>Torflow / soat to detect bad relays and automatically get that
410
+info to the directory authorities for realtime blacklisting</li>
411
+<li>Torstatus. Set up an automated system for tracking network health
412
+over time, graphing it, etc. Better metrics for assessing network
413
+health and growth.</li>
414
+<li>vidalia and upnp</li>
415
+<li>nymble</li>
416
+
417
+<li>
418
+Help port <a
419
+href="http://www.pps.jussieu.fr/~jch/software/polipo/">Polipo</a> to
420
+Windows. 1) handle spaces in path names and understand the filesystem
421
+namespace &mdash; namespace meaning where application data, personal data,
422
+and program data typically reside in various versions of Windows. 2) the
423
+ability to handle ipv6 communications. 3) the ability to asynchronously
424
+query name servers, find the system nameservers, and manage netbios
425
+and dns queries. 4) use native regex capabilities of Windows, rather
426
+than using 3rd party GNU regex libraries. 5) manage events and buffers
427
+natively (i.e. in Unix-like OSes, Polipo defaults to 25% of ram, in
428
+Windows it's whatever the config specifies). 6) some sort of GUI config
429
+and reporting tool, bonus if it has a systray icon with right clickable
430
+menu options. Double bonus if it's cross-platform compatible.
431
+</li>
432
+
433
+<li>
434
+a way to generate the website diagrams from source, so we can translate
435
+them as utf-8 text rather than with gimp. (svg? or imagemagick?)
436
+integrate this with a wml file so translations are easy and images are
437
+generated in multiple languages at web publish
438
+</li>
439
+
440
+<li>How can we make the <a
441
+href="http://anonymityanywhere.com/incognito/">Incognito LiveCD</a>
442
+easier to maintain, improve, and document?</li>
443
+<li>We need a distributed testing framework. We have unit tests,
444
+but it would be great to have a script that starts up a Tor network, uses
445
+it for a while, and verifies that at least parts of it are working.</li>
446
+
447
+<li>Don't like any of these? Look at the <a
448
+href="<svnsandbox>doc/design-paper/roadmap-future.pdf">Tor development
449
+roadmap</a> for more ideas.</li>
450
+<li>Don't see your idea here? We probably need it anyway! Contact
451
+us and find out.</li>
452
+</ol>
453
+
88 454
 <h2><a class="anchor" href="#Coding">Кодирование и проектирование</a></h2>
89 455
 <ol>
90 456
 <li>Серверы Tor под Windows XP работают не очень стабильно. Под Windows,
... ...
@@ -99,11 +465,6 @@ overlapped IO вместо select(), а потом адаптировать Tor
99 465
 libevent. Прошлым летом (2007) Christian King начал 
100 466
 <a href="https://tor-svn.freehaven.net/svn/libevent-urz/trunk/">работу в этом
101 467
 направлении</a>.</li>
102
-<li>Как мы можем упростить сборку, настройку и документирование 
103
-<a href="http://anonymityanywhere.com/incognito/">Incognito LiveCD</a>?</li>
104
-<li>Рекомендуемый нами графический фронт-енд для Tor,
105
-а именно <a href="http://vidalia-project.net/">Vidalia</a>, требует много
106
-работы.</li>
107 468
 <li>Пора уже начинать вводить наш
108 469
 <a href="<page documentation>#DesignDoc">дизайн для противодействия
109 470
 блокированию</a>. Это включает отшлифовывание дизайна, исправления кода во
... ...
@@ -117,16 +478,6 @@ really well or that some defense works great. Можем ли мы создат
117 478
 результатам? Это вызовет много новых исследований. Смотрите раздел <a
118 479
 href="#Research">ниже</a> о атаках на распознавание &mdash; кто знает, может
119 480
 быть когда это будет сделано вы сможете помочь в написании работы.</li>
120
-<li>Нам требуется распределённая система тестирования. У нас есть юнит-тесты,
121
-но не мешало бы написать скрипт который бы запускал тестовую сеть Tor,
122
-использовал её некоторое время, и проверял что хотя бы некоторые её части работают.</li>
123
-<li>Помогите Mike Perry с его библиотекой
124
-<a href="https://www.torproject.org/svn/torflow/">TorFlow</a> 
125
-(<a href="https://www.torproject.org/svn/torflow/TODO">TODO</a>):
126
-это либа для Python которая использует
127
-<a href="https://www.torproject.org/svn/torctl/doc/howto.txt">протокол контроллера Tor</a>
128
-для построения цепочек указанным способом, с последующим анализом и
129
-измерением скорости с целью выявить аномалии.</li>
130 481
 <li>Tor версии 0.1.1.x и выше поддерживают аппаратные ускорители криптографических операций
131 482
 с помощью OpenSSL. Впрочем, никто никогда это не проверял. Если у вас есть такая
132 483
 возможность, проверьте Tor на своей карточке и сообщите нам результаты.</li>
... ...
@@ -144,11 +495,6 @@ href="#Research">ниже</a> о атаках на распознавание &m
144 495
  &mdash; пожалуйста сообщите если с ней что не так.</li>
145 496
 <li>Мы уже близки к поддержке IPv6 для адресов назначения (на выходящих
146 497
 узлах). Если вас интересует IPv6, пожалуй стоит начать с этого пункта.</li>
147
-<li>Не интересует ничто из вышеперечисленного? Посмотрите
148
-<a href="<svnsandbox>doc/design-paper/roadmap-future.pdf">Tor development
149
-roadmap</a>, может быть найдёте что-то интересное.</li>
150
-<li>Здесь не перечислена ваша задумка? Возможно она нам всё равно пригодится!
151
-Свяжитесь с нами.</li>
152 498
 </ol>
153 499
 
154 500
 
155 501